Docker 1.5.0

CPE Details

Docker 1.5.0
docker
docker
1.5.0
2017-12-08
14h32 +00:00
2017-12-08
14h32 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:docker:docker:1.5.0:*:*:*:*:*:*:*

Informations

Vendor

docker

Product

docker

Version

1.5.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-25365 2022-02-19 00h56 +00:00 Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
7.8
High
CVE-2021-21284 2021-02-02 16h55 +00:00 In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
6.8
Medium
CVE-2021-21285 2021-02-02 16h55 +00:00 In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
6.5
Medium
CVE-2020-27534 2020-12-30 21h28 +00:00 util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
5.3
Medium
CVE-2014-8179 2019-12-04 14h10 +00:00 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
7.5
High
CVE-2014-8178 2019-12-04 14h05 +00:00 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
5.5
Medium
CVE-2019-5736 2019-02-10 23h00 +00:00 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
8.6
High
CVE-2016-3697 2016-06-01 18h00 +00:00 libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
7.8
High
CVE-2015-3627 2015-05-18 13h00 +00:00 Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
7.2
CVE-2015-3630 2015-05-18 13h00 +00:00 Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.
7.2
CVE-2015-3631 2015-05-18 13h00 +00:00 Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
3.6